passwords - Freeradius radcrypt encryption in PHP
I'm looking for a solution in PHP that produces output similar to that of radcrypt.
I've looked at mcrypt, but I can't seem to figure out which cipher and settings I should use.
mcrypt wants a salt to add to the encryption, but radcrypt doesn't seem to have a salt.
Does anyone know what the cipher and/or settings of radcrypt are?
You don't need mcrypt for this. These passwords are hashed, not encrypted.
The radcrypt script is built with a bit of Perl. It relies on Perl's built-in crypt function, which has semantics similar to the standard crypt function.
PHP also provides crypt. Until 5.3, PHP used the same exact functionality, called in the same exact way, generating the same hashes. Starting in 5.3, PHP's implementation became bundled with the language instead of relying on external libraries, allowing for additions and enhancements.
The radcrypt script automatically produces a salt, using 2 characters for DES and 8 for MD5:
    $salt = ($opt_md5 ? '$1$' : '');
    for ($i = 0; $i < ($opt_md5 ? 8 : 2); $i++) {
        $salt .= $saltc[rand 64];
    }
    $salt .= '$' if ($opt_md5);
    print crypt($ARGV[0], $salt), "\n";
DES crypt stores the hash as the first 2 characters. For example, crypt('password', 'aa') produces aajfmknh1htm2.
MD5 crypt stores the hash as part of a $ delimited section. For example, crypt('password', '$1$iamasalt$') produces $1$iamasalt$rsuhkok5nvnvbm3bpw/g8/.
Knowing this, you can correctly create the expected password format using PHP, or any other language that supplies the standard crypt. crypt knows how to extract the salt from a hashed string, so you can pass the hashed password right in, in order to verify a password:
    $hash = '$1$iamasalt$rsuhkok5nvnvbm3bpw/g8/';
    $password = 'password';
    if($hash == crypt($password, $hash)) {
        print "passwords matched.\n";
    }
Incidentally, that code is valid in both Perl and PHP.
Please be sure to read the Wikipedia article above, especially the sections concerning password security. Neither DES nor MD5 hashes are secure against brute-force attacks. You should not use either of these methods unless required to by something that only supports these 2 hash types (like, I dunno, FreeRADIUS).
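
The two steps described in the answer above (radcrypt-style salt generation, then verification by passing the stored hash back to crypt), as an added PHP example that is not part of the original answer or of FreeRADIUS. The names radcrypt_hash and radcrypt_verify are hypothetical, the 64-character salt alphabet is assumed because the page does not show $saltc, and random_int and hash_equals are used here in place of rand and ==.

```php
<?php
// Added example: radcrypt-compatible hashing and verification (PHP 7+).
// radcrypt_hash() and radcrypt_verify() are hypothetical helper names.

function radcrypt_hash(string $password, bool $md5 = false): string
{
    // Assumed contents of $saltc: the traditional crypt salt alphabet.
    $chars = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';

    // Same layout as the Perl snippet: 2 characters for DES,
    // '$1$' + 8 characters + '$' for MD5.
    $salt = $md5 ? '$1$' : '';
    $len  = $md5 ? 8 : 2;
    for ($i = 0; $i < $len; $i++) {
        $salt .= $chars[random_int(0, 63)];
    }
    if ($md5) {
        $salt .= '$';
    }

    $hash = crypt($password, $salt);
    // crypt() reports failure with a short string beginning with '*'.
    if (strlen($hash) < 13 || $hash[0] === '*') {
        throw new RuntimeException('crypt() could not produce a hash');
    }
    return $hash;
}

function radcrypt_verify(string $password, string $stored): bool
{
    // Accept only the two formats radcrypt emits, so a blank or
    // malformed stored value can never compare equal.
    $isMd5 = strncmp($stored, '$1$', 3) === 0;
    $isDes = preg_match('#^[./0-9A-Za-z]{13}$#', $stored) === 1;
    if (!$isMd5 && !$isDes) {
        return false;
    }
    // crypt() reads the scheme and salt back out of the stored hash.
    // hash_equals() compares in constant time and without type juggling.
    return hash_equals($stored, crypt($password, $stored));
}

// Constructed sample run: hash a password both ways, then verify.
foreach ([false, true] as $useMd5) {
    $h = radcrypt_hash('password', $useMd5);
    echo $h, ' ', var_export(radcrypt_verify('password', $h), true), "\n";
}
```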